The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announcement list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announcement mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announcement] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to the announcement list to receive any last minute meeting info.

The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announcement list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announcement mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-announce here]. The discussion mailing list can be found [http://lists.owasp.org/mailman/listinfo/owasp-rochester-ny here]. You can also review the [http://lists.owasp.org/pipermail/owasp-rochester-announce/ announcement] and [http://lists.owasp.org/pipermail/owasp-rochester-ny discussion] e-mail archives to see what folks have been talking about. Please make sure you are subscribed to the announcement list to receive any last minute meeting info.

Ethical Hacking as a Professional Penetration Testing Technique

We'll have some brief news and chapter business followed by a presentation by Ralph Durkee. Food will be provided so please register by sending an email. You can park in J or T Lots. Campus maps are on-line http://maps.rit.edu.

Abstract: Ralph will briefly discuss Ethical Hacking (EH) and Penetration Testing (PT), why they are important and how they differ. He will talk about the ethical hacking mindset and the ethical hacking process and why it's important as a professional Penetration testing meta-technique. The presentation will then apply the EH process with audience participation on exploiting sample vulnerabilities of both servers and clients. The examples will cover several specific, yet basic tools and techniques that continue to be effective in the exploitations of systems, applications and clients. Of course he'll also briefly discuss how to defend against these attacks. Although the cool tools and sexy exploits tend to get much of the attention when it comes to penetration testing, the focus will be on the ethical hacking as a meta-technique and how it can be applied to maximize the usefulness of the results to the hiring organization. The presentation will also cover some common misconceptions, mistakes, ethical issues and non-professionalisms that continue to trouble the profession.

Bio: Ralph Durkee is the principal security consultant and president of Durkee Consulting, Inc since 1996. Ralph founded the OWASP Rochester, NY chapter and has served on the board since 2004. Ralph served on the ISSA chapter board to start the Rochester ISSA chapter as well as starting the annual Rochester Security Summit. He has served as the ISSA chapter president since 2010. He performs a variety of network and application penetration tests, software security assessments and secure software development consultations for clients. His expertise in penetration testing, incident handling, secure software development and secure Internet and web applications is based on over 30 years of both hands-on and technical training experience. He has developed and taught a wide variety of professional security seminars including custom web application security training, and SANS SEC401 & SEC504 - Hacker Techniques and Incident Handling and CISSP bootcamp courses since 2004. Ralph also regularly consults on the development and implementation of a wide variety of security standards such as web application security, database encryption, Windows and Linux security. Ralph also has done security consulting for compliance with the Payment Card Industry Data Security Standard, and holds the following certifications CISSP, CRISC, GSEC, GCIH, GSNA, GCIA, and GPEN.

Participation

OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the Chapter Rules.

The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announcement list is for official communications (e.g meeting announcements, web site updates, etc). The discussion list is for general participation and everyone is encouraged to post. The announcement mailing list can be found here. The discussion mailing list can be found here. You can also review the announcement and discussion e-mail archives to see what folks have been talking about. Please make sure you are subscribed to the announcement list to receive any last minute meeting info.

Ralph Durkee presented a recap of the recent AppSec conference in DC.
Andrea Cogliati gave a talk on Identity Federation and Claim-based Security.

Oct 29-30 2008 - Rochester Security Summit 2008

The Rochester OWASP chapter in partnership with other Rochester institutions is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security and we are are working to bring to Rochester the best national acclaimed speakers.